You might look into SELinux capabilities if you're running Linux.

Solaris 10 has some similar features:
 http://www.sun.com/bigadmin/xperts/sessions/16_prm/

More as an answer to your question, try implementing this thing
in Perl.  It's better suited to the kind of string processing you're
doing.

Maybe this:

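        #!/usr/bin/perl -w
        use strict;

        # sshd puts the command the client asked for in this variable
        my $cmd = $ENV{'SSH_ORIGINAL_COMMAND'};
        die "error, no command given\n" unless defined $cmd;

        # reject shell metacharacters, including ; & < > and newline
        if ( $cmd =~ /[*|?{~\(\[\$\`;&<>\n]/ ) {
                die "error, unallowed character in command string\n";
        }

        if ( $cmd =~ /^\/usr\/bin\/rsync --server/ ) {
                # for more security, split this into an array and exec
                # the array, that will prevent it from being run by a subshell
                exec $cmd;
        }

        die "error, command didn't start with /usr/bin/rsync --server\n";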

This probably has syntax errors and I've probably missed some
metacharacter that you should exclude.

danno
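
Added example, not part of the original message: a version of the wrapper that does what the code comment suggests, splitting the command into an array and using list-form exec so no subshell is involved, with an allowlist of characters in place of the metacharacter denylist. The function name parse_rsync_command, the --selftest switch, the allowed character set and the sample commands are assumptions made for this illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

my $RSYNC = '/usr/bin/rsync';   # path used in the message above

# Return the argument list if $cmd is an acceptable rsync server command,
# or an empty list otherwise.
sub parse_rsync_command {
    my ($cmd) = @_;
    return () unless defined $cmd && length $cmd;
    # Allowlist, not denylist: quotes, backslashes, ;, &, <, >, globs and
    # newlines are all rejected because they are simply not in the set.
    # The set is an assumption; widen it only for paths you really back up.
    return () unless $cmd =~ m{\A[A-Za-z0-9_./=,:\@%+ -]+\z};
    my @argv = split / +/, $cmd;
    return () unless @argv >= 2 && $argv[0] eq $RSYNC && $argv[1] eq '--server';
    return @argv;
}

# Constructed sample commands for a quick check: perl wrapper.pl --selftest
if (@ARGV && $ARGV[0] eq '--selftest') {
    my %samples = (
        '/usr/bin/rsync --server --sender -logDtpr . /home/' => 1,
        '/usr/bin/rsync --server . /tmp; id'                 => 0,
        '/usr/bin/rsync --serverx . /tmp'                    => 0,
        "/usr/bin/rsync --server . /tmp\nid"                 => 0,
        '/bin/sh -c id'                                      => 0,
    );
    for my $s (sort keys %samples) {
        my $ok = parse_rsync_command($s) ? 1 : 0;
        die "selftest failed for: $s\n" unless $ok == $samples{$s};
    }
    print "selftest ok\n";
    exit 0;
}

my @argv = parse_rsync_command($ENV{SSH_ORIGINAL_COMMAND})
    or die "error, command rejected\n";

# List-form exec with an explicit program: /bin/sh is never started, so
# each argument reaches rsync exactly as it was split above.
exec { $argv[0] } @argv
    or die "error, exec failed: $!\n";
```

The wrapper only takes effect when sshd is told to run it for the backup key, for example through a command="..." option on that key's line in authorized_keys.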

